公开(公告)号：US20060089985A1

公开(公告)日：2006-04-27

申请号：US10974386

申请日：2004-10-26

申请人： Massimiliano Poletto

发明人： Massimiliano Poletto

IPC分类号： G06F15/173

CPC分类号： H04L41/0631 ,  H04L41/0213 ,  H04L43/02 ,  H04L43/12 ,  H04L63/14 ,  H04L69/40

摘要： A system includes a plurality of collector devices that are disposed to collect statistical information on packets that are sent between nodes on a network. The system also includes a stackable aggregator that receives network data from the plurality of collector devices, and which produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The stackable aggregator includes a manager blade, a database blade, and two or more, analyzer blades.

摘要翻译： 系统包括多个收集器装置，其被设置为收集关于在网络上的节点之间发送的分组的统计信息。 该系统还包括可堆叠聚合器，其从多个收集器设备接收网络数据，并且其产生将网络上的每个节点映射到存储关于到节点或从节点的流量的信息的记录的连接表。 可堆叠聚合器包括管理器刀片，数据库刀片和两个或更多个分析器刀片。

公开(公告)号：US20060067220A1

公开(公告)日：2006-03-30

申请号：US10955450

申请日：2004-09-30

申请人： Massimiliano Poletto ,  Andrew Gorelik

发明人： Massimiliano Poletto ,  Andrew Gorelik

IPC分类号： H04L12/26

CPC分类号： H04L63/0218 ,  H04L63/145 ,  H04L63/1458

摘要： Techniques for tracking dynamically negotiated port connections in a network include collecting statistical information on packets that are sent between nodes on a network, inspecting packets of control connections to detect payload fragments that denote ephemeral port negotiation and producing a mapping from a ephemeral connection flow_id to a control connection flow_id. The techniques also include checking the flow_id to see whether a flow record maps to a control connection.

摘要翻译： 用于跟踪网络中动态协商的端口连接的技术包括收集关于在网络上的节点之间发送的分组的统计信息，检查控制连接的分组以检测表示短暂端口协商的有效载荷片段，并产生从短暂连接flow_id到 控制连接flow_id。 这些技术还包括检查flow_id以查看流记录是否映射到控制连接。

公开(公告)号：US20050286423A1

公开(公告)日：2005-12-29

申请号：US10880333

申请日：2004-06-28

申请人： Massimiliano Poletto ,  Andrew Ratin ,  Edward Kohler

发明人： Massimiliano Poletto ,  Andrew Ratin ,  Edward Kohler

IPC分类号： H04L1/00 ,  H04L12/24 ,  H04L12/26 ,  H04L29/06

CPC分类号： H04L41/0893 ,  H04L41/0233 ,  H04L41/06 ,  H04L43/0811 ,  H04L43/12 ,  H04L63/1425

摘要： A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same, source and destination flow identifiers and were received within a predefined time-period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node from non-duplicated flow records. The connection table stores statistical information of packets on the network based on a time-slice basis.

摘要翻译： 设置多个集流装置以收集网络上的流量信息。 通过确定一对流记录是否具有相同的源和目标流标识符并且在预定义的时间段内被接收来消除从流收集器接收的重复的流记录。 从多个流收集器装置接收到的不重复的流记录被存储并用于产生连接表，其将网络上的每个节点映射到存储关于来自非重复流记录的节点的流量的信息的记录。 连接表基于时间片存储在网络上的分组的统计信息。

公开(公告)号：US20060173992A1

公开(公告)日：2006-08-03

申请号：US10701376

申请日：2003-11-03

申请人： Daniel Weber ,  Prem Gopalan ,  Massimiliano Poletto

发明人： Daniel Weber ,  Prem Gopalan ,  Massimiliano Poletto

IPC分类号： G06F15/173

CPC分类号： H04L63/1425 ,  H04L63/145 ,  H04L63/1458

摘要： A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.

公开(公告)号：US20050033989A1

公开(公告)日：2005-02-10

申请号：US10701353

申请日：2003-11-03

申请人： Massimiliano Poletto ,  Benjamin Wilken

发明人： Massimiliano Poletto ,  Benjamin Wilken

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/1416 ,  H04L63/1458

摘要： A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.

摘要翻译： 描述了一种用于检测网络中的网络入侵和其他条件的系统。 该系统包括多个收集器装置，其被设置为收集关于在网络上的节点之间发送的分组的数据和统计信息。 设置聚合器装置以从多个收集器装置接收数据和统计信息。 聚合器设备产生连接表，其将网络上的每个节点映射到存储关于到节点或从节点的流量的信息的记录。 聚合器运行确定网络事件的过程，从异常聚合到网络事件。